mirror of
https://github.com/torvalds/linux.git
synced 2024-11-16 17:12:06 +00:00
82e61c3909
Both read-side users of func_table/func_buf need locking. Without that,
one can easily confuse the code by repeatedly setting altering strings
like:
while (1)
for (a = 0; a < 2; a++) {
struct kbsentry kbs = {};
strcpy((char *)kbs.kb_string, a ? ".\n" : "88888\n");
ioctl(fd, KDSKBSENT, &kbs);
}
When that program runs, one can get unexpected output by holding F1
(note the unxpected period on the last line):
.
88888
.8888
So protect all accesses to 'func_table' (and func_buf) by preexisting
'func_buf_lock'.
It is easy in 'k_fn' handler as 'puts_queue' is expected not to sleep.
On the other hand, KDGKBSENT needs a local (atomic) copy of the string
because copy_to_user can sleep. Use already allocated, but unused
'kbs->kb_string' for that purpose.
Note that the program above needs at least CAP_SYS_TTY_CONFIG.
This depends on the previous patch and on the func_buf_lock lock added
in commit
|
||
|---|---|---|
| .. | ||
| hvc | ||
| ipwireless | ||
| serdev | ||
| serial | ||
| vt | ||
| amiserial.c | ||
| cyclades.c | ||
| ehv_bytechan.c | ||
| goldfish.c | ||
| isicom.c | ||
| Kconfig | ||
| Makefile | ||
| mips_ejtag_fdc.c | ||
| moxa.c | ||
| moxa.h | ||
| mxser.c | ||
| mxser.h | ||
| n_gsm.c | ||
| n_hdlc.c | ||
| n_null.c | ||
| n_r3964.c | ||
| n_tracerouter.c | ||
| n_tracesink.c | ||
| n_tracesink.h | ||
| n_tty.c | ||
| nozomi.c | ||
| pty.c | ||
| rocket_int.h | ||
| rocket.c | ||
| rocket.h | ||
| synclink_gt.c | ||
| synclink.c | ||
| synclinkmp.c | ||
| sysrq.c | ||
| tty_audit.c | ||
| tty_baudrate.c | ||
| tty_buffer.c | ||
| tty_io.c | ||
| tty_ioctl.c | ||
| tty_jobctrl.c | ||
| tty_ldisc.c | ||
| tty_ldsem.c | ||
| tty_mutex.c | ||
| tty_port.c | ||
| ttynull.c | ||
| vcc.c | ||